redirect doesn't seem to work?
Robert P. J. Day
rpjday@mindspring.com
Sat, 9 Nov 2002 08:16:20 -0500 (EST)
On 4 Nov 2002, Ben Russo wrote:
> Have a UNIX server. User wants to write programs to receive SNMPTraps.
> I *thought* I could redirect incoming traffic to port 162 to a high
> port, (like 4162) where the user could have his programs receive the
> messages with no special privileges?
>
> Anyway, a completely normal box, no special firewalling rules....
> The only rule I create is:
>
> iptables -t nat -A POSTROUTING -p udp -m udp --dport 162 -j REDIRECT
> --to-ports 4162
>
> Now, the user starts his program that binds to udp port 4162 ( I can see
> it with "netstat -nap" ) but he doesn't see any packets coming in.
> I run tcpdump -n | grep snmptrap and I see packets coming from the
> network to the server on udp port 162, and the server sending back icmp
> unreachable packets back to the sources??
>
> Why doesn't the redirect work?
don't you want that to be a PREROUTING rule, not POSTROUTING?
rday (who now knows just enough to possibly give really bad advice :-)
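
The chain mix-up discussed above, as an added example that is not part of the original thread: packets arriving from the network for local delivery pass through PREROUTING and never reach POSTROUTING, and REDIRECT is only valid in the nat table's PREROUTING and OUTPUT chains (or user-defined chains called from them). The script lints iptables-save output for a misplaced REDIRECT; the function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag REDIRECT rules that sit in a built-in chain where
# they cannot apply. Input is text in iptables-save format.
#
# The rule from the question with only the chain changed, as the reply suggests:
#   iptables -t nat -A PREROUTING -p udp -m udp --dport 162 -j REDIRECT --to-ports 4162

# check_redirect_rules: reads iptables-save text on stdin, prints one
# "BAD <table> <chain>: <rule>" line per misplaced REDIRECT rule and
# returns 1 if any were found, 0 otherwise. User-defined chains are not
# judged, because that would require following the jumps into them.
check_redirect_rules() {
    awk '
        /^\*/ { table = substr($0, 2); next }   # "*nat" opens a table section
        $1 == "-A" && / -j REDIRECT( |$)/ {
            chain = $2
            wrong_table = (table != "nat")
            wrong_chain = (chain == "POSTROUTING" || chain == "INPUT" || chain == "FORWARD")
            if (wrong_table || wrong_chain) {
                printf "BAD %s %s: %s\n", table, chain, $0
                bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# sample_rules: constructed ruleset holding the rule from the question
# (POSTROUTING) next to the PREROUTING form.
sample_rules() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -p udp -m udp --dport 162 -j REDIRECT --to-ports 4162
-A PREROUTING -p udp -m udp --dport 162 -j REDIRECT --to-ports 4162
COMMIT
EOF
}

# Demonstration on the constructed sample; "|| true" keeps the script's
# own exit status clean when a bad rule is reported.
sample_rules | check_redirect_rules || true
```

On a live host the same function can be fed from `iptables-save`. Traps generated on the server itself take the OUTPUT chain rather than PREROUTING, so local test senders need a matching rule there.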